1. ADN: Application Delivery Networking. Delivers web applications using the corresponding network optimization/acceleration equipment, ensuring that users' business applications are delivered securely, quickly and reliably to internal staff and the external customer base.
2. node: a node (a back-end server address).
3. pool: load-balancing pool.
4. profile: defines the behaviour settings of a virtual server.
5. virtual server: the virtual server receives access requests from clients and then distributes them to the load-balanced node servers.
6. Monitor: tracks the current status of the pool members. The system's built-in monitors can be used; some services need a custom monitor.
7. SNAT: when a server behind the load balancer initiates active outbound access, the address is mapped on the load balancer.
SNAT application scenarios:
inbound
《1》 Not deployed in-line; 《2》 From outside to inside: the source address of the packet (the external-network endpoint) needs to be translated to the public address of the F5.
outbound
《1》 An internal host needs to initiate access to the external network while reverse access is prohibited (only SNAT is matched and no VS address is configured, since configuring a VS would be more troublesome).
Standard SNAT configuration modes ----
1. Translate the intranet address to a public address (the public address can be a virtual address);
2. automap feature (automatic mapping): map the intranet address automatically to the real address of the F5 interface;
3. Define a SNAT pool; the F5 selects the address automatically (similar to dynamic assignment).
auto lasthop
View the SNAT table: show sys connection XXXX (you can narrow it to one protocol, for example protocol icmp)
---------------------------------------------------------------------------------------------------------
Configuration process notes:
《1》 Add the server's node:
《2》 Add ports: “Node” - “Default monitor” - “icmp”
《3》 Create the VS:
name: http-server
type: standard
Dest IP: 172.16.20.3
Port: 80
Protocol Profile (Client): tcp-mobile-optimized
Protocol Profile (Server): tcp-lan-optimized
VLANs and tunnel traffic: Enabled on -- choose the F5 uplink interface
Default pool: choose “pool-web”
Create the pool: “Pool” - “Pool list” - select the “http” monitor and move it to the left (active) - in “Node list”, add the members on port 80
《4》 Enable session persistence: “Virtual Server” - “Virtual Server List” - “http-server” - “Resources”
In “Default Persistence Profile” select “source_addr”
Verification: from ISP1/2-XP-Client, log in to the VS IP (172.16.20.3) in a browser and check whether the pool member address rotates (round robin); after persistence is enabled it stays on a single server.
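The verification in 《4》 checks two behaviours: without persistence the VS hands successive requests to the pool members in turn, with source_addr persistence the same client keeps landing on one member until its entry times out. The following model is an added example (not configuration or code from the notes or from F5); the member addresses 10.1.20.11/12, the client addresses and the 180-second persistence timeout are constructed assumptions.

```python
from itertools import cycle

# Constructed member addresses in the server subnet the notes use (10.1.20.0/24);
# the real pool-web member addresses are not given on the page.
POOL_WEB = ["10.1.20.11:80", "10.1.20.12:80"]
PERSIST_TIMEOUT = 180  # seconds; assumed persistence timeout for this model


class Pool:
    """pool-web with round-robin member selection."""

    def __init__(self, members):
        self.members = list(members)
        self._rr = cycle(self.members)

    def next_member(self):
        return next(self._rr)


class VirtualServer:
    """http-server (172.16.20.3:80) with optional source_addr persistence."""

    def __init__(self, pool, persistence=None, timeout=PERSIST_TIMEOUT):
        self.pool = pool
        self.persistence = persistence  # None or "source_addr"
        self.timeout = timeout
        self.table = {}                 # client ip -> (member, last seen time)

    def dispatch(self, client_ip, now):
        if self.persistence == "source_addr":
            entry = self.table.get(client_ip)
            if entry and now - entry[1] <= self.timeout:
                self.table[client_ip] = (entry[0], now)  # refresh the entry
                return entry[0]
        # No (valid) persistence record: load-balance normally.
        member = self.pool.next_member()
        if self.persistence == "source_addr":
            self.table[client_ip] = (member, now)
        return member


def simulate(persistence, requests):
    """requests: list of (client_ip, time in seconds). Returns the member chosen per request."""
    vs = VirtualServer(Pool(POOL_WEB), persistence)
    return [vs.dispatch(ip, t) for ip, t in requests]


if __name__ == "__main__":
    client = [("203.0.113.10", t) for t in (0, 1, 2, 3)]
    print(simulate(None, client))           # alternates between the two members
    print(simulate("source_addr", client))  # stays on one member
```

Running it with a single client reproduces what the browser test shows: the member alternates without persistence and stays fixed with source_addr; a second client still gets its own member, and once the timeout elapses the first client is balanced again.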
《5》 Customize an HTTP profile:
《6》 Use a stream profile to replace the content of the web page:
《7》 Turn on the LTM's ARM routing function, delete the SVI interface on DC2-SW, and configure the 3 business interfaces on the corresponding F5;
《8》 DC2-F5-DNS does NAT:
“Local Traffic” - “Address Translation” - “NAT List” - “Add”
name: fill in “http-ip-1”
NAT Address: fill in “61.129.0.3”
Origin Address: fill in “172.16.20.3”
name: fill in “http-ip-2”
NAT Address: fill in “129.62.0.3”
Origin Address: fill in “172.16.20.4”
Because of the correspondence above, go back to the LTM and add the missing VS (address pool) for “172.16.20.4”.
Verification: when XP1 (ISP1, ISP2) visits the public address 62.129.0.3 or 129.62.0.3, the web page is displayed correctly.
* After NAT, the DNS no longer has to announce the business segment to the Internet, which increases security.
《9》 Bring up VS addresses and do SNAT:
Scenario: the server actively accesses the external environment; outbound-direction configuration.
General idea of the configuration: on DC2-F5-DNS bring up VS addresses 62.129.0.3 and 129.62.0.3, then do the SNAT translation on DC2-F5-LTM.
(1) On the LTM create a SNAT list entry that translates source 10.1.20.0/24 to the intranet IP 172.16.0.5;
(2) On the DNS create a SNAT pool list and add the two assigned public addresses as members;
(3) On the DNS create a SNAT list entry that translates packets from source 172.16.0.5 to the “pool list” from step (2).
On DC2-F5-LTM:
“Local Traffic” - “Address Translation” - “SNAT List” - “Add”
name: fill in “http-server-internet”
Translation: fill in “172.16.20.5”
Origin: choose “Address List”, fill in “10.1.20.0/24”
△ By default SNAT translates only TCP and UDP traffic; other protocols (for example ICMP) are not translated. To translate everything: “System” - “Configuration” - “Local Traffic” - “General”, set “SNAT Packet Forwarding” to “All Traffic”.
On DC2-F5-DNS:
“Local Traffic” - “Address Translation” - “SNAT Pool List” - “Add”
name: fill in “ISP1-ISP2”
“Member List” - “Address List”: fill in “62.129.0.5” and “129.62.0.5” - “Finished”
Then create a new “SNAT List” entry --
name: fill in “Internel-172.16.20.5”
Translation: choose “SNAT Pool” - “ISP1-ISP2”
Address/Prefix Length: fill in “172.16.20.5/32”
△ SNAT Packet Forwarding has to be changed here as well.
Verification:
1. Capture packets with tcpdump on the LTM (intranet XP1 pings 172.16.0.1):
# tcpdump -i <interface> host 172.16.0.1 and icmp
2. Intranet XP1 pings the XP hosts on ISP1 and ISP2.
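The two-stage SNAT in 《9》, together with the three standard SNAT modes listed earlier and the △ notes about SNAT Packet Forwarding, can be checked against a small model before reaching for tcpdump. The model below is an added example, not configuration or code from the notes or from F5. It uses the SNAT names and addresses from the notes; the external destination 198.51.100.80, the automap self IP 172.16.20.254 and the round-robin choice of SNAT pool members are constructed assumptions. The ICMP case is the one the ping verification exercises: with the default “TCP and UDP only” setting the ping leaves both devices with its original source address, which is exactly what the tcpdump on the LTM would show.

```python
import ipaddress
from dataclasses import dataclass, replace
from itertools import cycle

# Constructed sample values; SNAT names and addresses follow the lab notes above.
LTM_SELF_IP = "172.16.20.254"   # assumed egress self IP used by automap mode
EXTERNAL_DST = "198.51.100.80"  # constructed external destination


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp", "udp" or "icmp"


class Snat:
    """One SNAT list entry: origin address list -> translated source.

    mode "address":  fixed translation address        (standard mode 1)
    mode "automap":  self IP of the egress interface  (standard mode 2)
    mode "snatpool": an address from a SNAT pool      (standard mode 3);
                     member choice is modelled as round-robin, an assumption.
    """

    def __init__(self, name, origin, mode="address", translation=None,
                 snatpool=(), egress_self_ip=None):
        self.name = name
        self.origin = [ipaddress.ip_network(o, strict=False) for o in origin]
        self.mode = mode
        self.translation = translation
        self.pool = cycle(snatpool) if snatpool else None
        self.egress_self_ip = egress_self_ip

    def matches(self, pkt):
        return any(ipaddress.ip_address(pkt.src) in net for net in self.origin)

    def translate(self, pkt):
        if self.mode == "address":
            new_src = self.translation
        elif self.mode == "automap":
            new_src = self.egress_self_ip
        elif self.mode == "snatpool":
            new_src = next(self.pool)
        else:
            raise ValueError(self.mode)
        return replace(pkt, src=new_src)


class Device:
    """A BIG-IP with its SNAT list and the global SNAT Packet Forwarding setting."""

    def __init__(self, name, snats, snat_packet_forwarding="tcp-udp-only"):
        self.name = name
        self.snats = list(snats)
        self.snat_packet_forwarding = snat_packet_forwarding

    def forward(self, pkt):
        # Default from the notes: only TCP and UDP are translated; ICMP passes unchanged.
        if pkt.proto not in ("tcp", "udp") and self.snat_packet_forwarding != "all-traffic":
            return pkt
        for snat in self.snats:
            if snat.matches(pkt):
                return snat.translate(pkt)
        return pkt  # no matching origin: forwarded with the original source


def build_path(packet_forwarding="tcp-udp-only"):
    """The two devices from step 《9》 in the order an outbound packet crosses them."""
    ltm = Device("DC2-F5-LTM",
                 [Snat("http-server-internet", ["10.1.20.0/24"],
                       mode="address", translation="172.16.20.5")],
                 packet_forwarding)
    dns = Device("DC2-F5-DNS",
                 [Snat("Internel-172.16.20.5", ["172.16.20.5/32"],
                       mode="snatpool", snatpool=["62.129.0.5", "129.62.0.5"])],
                 packet_forwarding)
    return [ltm, dns]


def trace(devices, pkt):
    """Source address seen after each device, in order."""
    seen = []
    for dev in devices:
        pkt = dev.forward(pkt)
        seen.append(pkt.src)
    return seen


def automap_source(pkt):
    """Standard mode 2: automap uses the egress self IP instead of a configured address."""
    snat = Snat("automap-demo", ["10.1.20.0/24"], mode="automap", egress_self_ip=LTM_SELF_IP)
    return snat.translate(pkt).src if snat.matches(pkt) else pkt.src


if __name__ == "__main__":
    path = build_path()
    print(trace(path, Packet("10.1.20.10", EXTERNAL_DST, "tcp")))   # ['172.16.20.5', '62.129.0.5']
    print(trace(path, Packet("10.1.20.10", EXTERNAL_DST, "icmp")))  # ['10.1.20.10', '10.1.20.10']
    print(trace(build_path("all-traffic"), Packet("10.1.20.10", EXTERNAL_DST, "icmp")))
```

A TCP flow from 10.1.20.10 leaves the LTM as 172.16.20.5 and the DNS as one of the two ISP addresses, a source outside 10.1.20.0/24 is forwarded untranslated, and the ICMP ping is only translated once SNAT Packet Forwarding is set to All Traffic on both devices.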
-----------------------------------------------------
Topology with notes